Open slonopotamus opened 4 years ago
I think this is more of a core issue. The jail mechanism has never really been fully fleshed out. It was more of a paranoid mode than a truly useful one. This is a good example. I've long wanted to rework it so it behaves more logically.
I think this is more of a core issue
I possibly agree, though don't know how to reproduce it with core standalone. I guess you have permissions to transfer issue to core.
It was more of a paranoid mode than a truly useful one.
I came across this bug because it turned out that Asciidoctor.convert_file
defaults to SAFE
mode (unlike CLI that defaults to UNSAFE
), so I assumed SAFE
mode is something that is used pretty extensively.
I came across this bug because it turned out that Asciidoctor.convert_file defaults to SAFE mode (unlike CLI that defaults to UNSAFE), so I assumed SAFE mode is something that is used pretty extensively.
There's a weird history around it. Basically, it had to be that way for Asciidoctor to work on GitHub, even though GitHub doesn't actually use any features that are affected by it.
To reproduce on core, you can use includes with sources under the source tree or output tree, etc. I am using Doctoolchain 3.3.1 that embeds gradle launching a ruby implementation of Asciidoctor. When I include files under the source tree, I get the same error, the included file is not in the jail that jail being the output directory, not the source directory. So I can't include diagrams that are in the same directory of the Adoc file, nor include source code even when it is in the subfolder of the folder containing the Adoc file.
Please, see my repro repository.
It has a single
book/book.adoc
:And I try to convert that book to a different directory:
But suddenly, this produces warnings:
And as a result,
book/cool-diag.png
is created instead ofoutput/cool-diag.png
.Expected: no warnings +
cool-diag.png
is created inoutput
directory instead ofbook
directory.Reproduced using asciidoctor-2.0.10 + asciidoctor-diagram 2.0.1.
So, seems like jail mechanism did here the reverse of what it was supposed to do. Instead of allowing to write only into destination dir, it rejected writing to destination dir and forced writing into source dir.